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Abstract In this paper, we consider the automated planning of optimal paths for 
a robotic team satisfying a high level mission specification. Each robot in the team 
is modeled as a weighted transition system where the weights have associated de- 
viation values that capture the non-determinism in the traveling times of the robot 
during its deployment. The mission is given as a Linear Temporal Logic (LTL) for- 
mula over a set of propositions satisfied at the regions of the environment. Addi- 
tionally, we have an optimizing proposition capturing some particular task that must 
be repeatedly completed by the team. The goal is to minimize the maximum time 
between successive satisfying instances of the optimizing proposition while guaran- 
teeing that the mission is satisfied even under non-deterministic traveling times. Our 
method relies on the communication capabilities of the robots to guarantee correct- 
ness and maintain performance during deployment. After computing a set of optimal 
satisfying paths for the members of the team, we also compute a set of synchroniza- 
tion sequences for each robot to ensure that the LTL formula is never violated during 
deployment. We implement and experimentally evaluate our method considering a 
persistent monitoring task in a road network environment. 



1 Introduction 

Temporal logics ||5l, such as Linear Temporal Logic (LTL) and Computation Tree 
Logic (CTL), are extensions of propositional logic that can capture time. Even 
though temporal logics have been used in model checking of finite systems fl] 
for quite some time, they have gained popularity as a means for specifying com- 
plex mission requirements in path planning and control synthesis problems only 
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recently ifTSl [T3l |2T|. Existing work on path planning and control synthesis con- 
centrates on LTL specifications for finite state systems, which may be abstractions 
of their infinite counterparts (TSl TF) . Particularly, given the system model and the 
mission specification expressed in some temporal logic, satisfying paths and corre- 
sponding control strategies can be computed automatically through a search of the 
state space for deterministic [9|, non-deterministic lil6l[T8l[T3l[T0ll and probabilistic 
systems [2 11 , 4J. 

However, more often than not, there are multiple paths that can satisfy a given 
mission specification. In that case, one generally wants to be able to pick the path 
that is superior to others with respect to some metric, such as safety, speed, cost, 
etc. In our previous work, we focused on mission specifications given in LTL along 
with a particular cost function, and proposed an automated method for finding opti- 
mal robot paths that satisfy the mission and minimize the cost function for a single 
robot [|T4| . Next, we extended this approach to multi-robot teams by utilizing an 
abstraction based on timed automata |20|. Then, we proposed a robust method that 
could accomodate uncertainties in the traveling times of robots with limited com- 
munication capabilities 1 19 1. 

Extending the optimal path planning problem from a single robot to multiple 
robots is not trivial, as the joint asynchronous motion of all members of the team 
must be captured in a finite model. In [9i|, the authors propose a method for de- 
centralized motion of multiple robots subject to LTL specifications. Their method, 
however, results in sub-optimal performance as it requires the robots to travel syn- 
chronously, blocking the execution of the mission before each transition until all 
robots are synchronized. The vehicle routing problem (VRP) 1 17 1 and its extensions 
to more general classes of temporal constraints |7, 8 | also deal with finding optimal 
satisfying paths for a given specification. In |8|, the authors consider optimal vehi- 
cle routing with metric temporal logic specifications by converting the problem to a 
mixed integer linear program (MIL?). However, their method does not apply to the 
missions where robots must repeatedly complete some task, as it does not allow for 
specifications of the form "always eventually". Furthermore, none of these methods 
are robust to timing errors that can occur during deployment, as they rely on the 
robots' ability to follow generated trajectories exactly for satisfaction of the mission 
specification. 

In II20I , we proposed a method that uses timed automata to capture the joint 
asynchronous motion of the members of the robotic team in the environment. After 
providing a bisimulation ||12| of an infinite-dimensional timed automaton to a finite 
dimensional transition system, we applied our results from 1 14] to compute an opti- 
mal satisfying run. However, multi-robot paths found using this method are imple- 
mentable only if the traveling times of the robots during deployment exactly match 
the traveling times used for planning. Otherwise, the order of events may switch 
resulting in the violation of the mission specification during deployment. In |[T9]| , 
we addressed this issue for robots operating under communication constraints that 
limit their communication capabilities to a subset of regions. We showed that a 
trace-closed mission specification will never be violated due to uncertainties in the 
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speeds of the robots. Then, we proposed a synchronization protocol to maintain and 
characterize the field performance of the robotic team. 

The methods given in |20| and |fT9l are actually two extremes: In [20|, the robots 
can follow the generated trajectories exactly and do not communicate at all, while 
in lfT9l the robots' traveling times during deployment deviate from those used in 
planning, and they cannot communicate freely. In this paper, we address the mid- 
dle between these two extremes: the robots cannot follow the generated trajectories 
exactly, but they can communicate regardless of their positions in the environment. 
Thus, after obtaining an optimal satisfying run of the team, we compute synchro- 
nization sequences that leverage the communication capabilities of the robots to 
robustify the planned trajectory against deviations in traveling times. 

The main contribution of this paper is threefold. First, we provide an algorithm 
to capture the joint asynchronous behavior of a team of robots modeled as tran- 
sition systems in a single transition system. This team transition system is prov- 
ably more compact than the approach based on timed automata that we previously 
proposed in EOl . Second, for a satisfying run made up of a finite length prefix 
and an infinite length cyclic suffix, we propose a synchronization protocol and an 
algorithm to compute synchronization sequences that guarantee correctness under 
non-deterministic traveling times that may be observed during deployment. Finally, 
we provide an automated framework that leverages these two methods along with 
the Optimal-Run algorithm previously proposed in fT4l to solve the multi-robot 
optimal path planning problem with robustness guarantees. Our experiments show 
that the computed runs and synchronization sequences indeed provide robustness to 
uncertainties in traveling times that may occur during the deployment of the team. 

The rest of the paper is organized as follows: In Sec.|2] we provide some defini- 
tions and preliminaries in formal methods. In Sec. [3] we formulate the optimal and 
robust multi-robot path planning problem and give an outline of our approach. We 
provide a complete solution to this problem in Sec. |4] In Sec. |5] we present exper- 
iments involving a team of robots performing a persistent surveillance mission in a 
road network environment. Finally, in Sec.|6] we conclude with final remarks. 



2 Preliminaries 

In this section, we introduce the notations that we use in the rest of the paper and 
briefly review some concepts related to automata theory, LTL, and formal verifica- 
tion. For a more rigorous treatment of these topics, we refer the interested reader 
to |l3]|6l[T) and references therein. 

For a set E, we use \E\, 2^, E*, and E'^ to denote its cardinality, power set, set 
of finite words, and set of infinite words, respectively. We define E°° = E* UZ™ and 
denote the empty string by 0. 

Definition 1 (Transition System). A (weighted) transition system (TS) is a tuple 
T := {^j,qj,5j,nj,^j,wj), where 



4 



Alphan Ulusoy, Stephen L. Smith, and Cahn Belta 



1. cSt is a finite set of states; 

2. qj G i2x is the initial state; 

3. 5r C ^1 X £2i is the transition relation; 

4. JTt is a finite set of atomic propositions; 

5. : =St is a map giving the set of atomic propositions satisfied in a state; 

6. wj : 5t ]R>o is a map that assigns a positive weight to each transition. 

We define a run of T as an infinite sequence of states ~ q^\q^ ^ . . . such that 
q^ — qj,q'' & and {q^,q''^^) G 5r for all k>0. A run generates an infinite word 
a>r — ^{q'^),^{q^), ■ ■ ■ where -Sf (^*^) is the set of atomic propositions satisfied at 
state 

In this work, we consider mission specifications expressed in Linear Temporal 
Logic (LTL) fl] 13. Informally, an LTL formula over the set FI of atomic propo- 
sitions may contain boolean operators ^ (negation), V (disjunction) and A (con- 
junction), and temporal operators X (next), (until), F (eventually) and G (glob- 
ally/always). LTL formulas are interpreted over infinite words (generated by the 
transition system T from Def. [T]). For instance, Xp states that at the next position 
of a word, proposition p is true. The formula pi '2^p2 states that there is a future 
position of the word when proposition p2 is true, and proposition pi is true at least 
until p2 is true. The formula Gp states that p is true at all positions of the word; 
the formula Fp states that p eventually becomes true in the word. More expressivity 
can be achieved by combining the temporal and boolean operators. We say a run rj 
satisfies (j) if and only if the word generated by rj satisfies (j). An LTL formula (j) 
over a set FI can be represented by a Biichi automaton, which is defined next. 

Definition 2 (Biiclii Automaton). A Buchi automaton is a tuple B := {^b,J2^^,Eb,- 
Sb,'^b), consisting of 

1. a finite set of states =Sb; 

2. a set of initial states C ^g; 

3. an input alphabet L^; 

4. a non-deterministic transition relation 5b C x EqX M-g,; 

5. a set of accepting (final) states ^b C =Sb. 

A run of B over an input word O) = 0)*', a)\ . . . is a sequence tb — q^ ^q^ ,. . such 
that e =Sb, and (q'^ ,a)'^ .q'^^^) E 5b, for all ^ > 0. A Biichi automaton B accepts 
a word over Eb if and only if at least one of the corresponding runs intersects with 
^B infinitely many times. For any LTL formula (p over a set FI, one can construct 
a Biichi automaton with input alphabet Eq = 2^ accepting all and only words over 
2^ that satisfy 0. 

Definition 3 (Prefix-Suffix Structure). A prefix of a run is a finite path from an 
initial state to a state q. A periodic suffix is an infinite run originating at the state 
q reached by the prefix, and periodically repeating a finite path, which we call the 
suffix cycle, originating and ending at q, and containing no other occurrence of q. A 
run is in prefix-suffix form if it consists of a prefix followed by a periodic suffix. 
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3 Problem Formulation and Approach 



In this section we introduce the multi-robot path planning problem with temporal 
constraints for robots with uncertain, but bounded traveling times. Let 

^ = (1) 

be a graph, where V is the set of vertices and — ?>#C y x V is the set of edges. We 
consider S" as the quotient graph of a partitioned environment, where V is the set 
of labels of the regions in the environment and -^g is the corresponding adjacency 
relation. For instance, V can be a set of labels for the roads, intersections, and build- 
ings in an urban-like environment and — >^ can given the connections in between 



(see Fig. 5(a) i 



Consider a team of m robots moving in an environment modeled by S. The mo- 
tion capabilities of robot ij— 1,. . . ,m are represented by a TS T, = {^i,q^,5i,- 
TIi,J^i,Wi), where =S, C V; q^j is the initial vertex of robot 5, C— >^ is a relation 
modeling the capability of robot / to move among the vertices; iT,- C 17 is the sub- 
set of propositions that can be satisfied by robot /; ^ is a mapping from to 2^' 
showing how the propositions are satisfied at vertices; and Wi{q,q') is the average 
time for robot / to go from vertex q to q', which we assume to be an integer How- 
ever, due to the uncertainty in the traveling times of the robots, the actual value 
of Wi{q,q') observed during deployment, which we denote by Wi{q,q'), is a non- 
deterministic quantity that lies in the interval [piWi{q,q'),p'iWi{q,q')] where p;,p; 
are the lower and upper deviation values of robot /, respectively. We further assume 
that lower and upper deviation values p, and pi of each robot / are known a pri- 
ori and < p, < 1 < p;. In this model, robot / travels along the edges of T,, and 
spends zero time on the vertices. We also assume that the robots are equipped with 
motion primitives that allow them to deterministically move from q to q^ for each 
{q,q') G 5,, even though the time it takes to reach from q to q' is non-deterministic 
within a given interval. In the following, we use the expression "/n the field" to refer 
to the non-deterministic traveling times that occur during deployment, and use x and 
X to denote the planned and actual values, respectively of some variable x. 

We consider the case where the robotic team has a mission in which some particu- 
lar task must be repeatedly completed and the maximum time in between successive 
completions of this task must be minimized. For instance, in a persistent data gath- 
ering mission, the global mission could be keep gathering data while obeying traffic 
rules at all times, and the repeating task could be gathering data. For this example, 
the robots would operate according to the mission specification while ensuring that 
the maximum time in between any two successive data gatherings is minimized. 
Consequently, we assume that there is an optimizing proposition n £ FI that corre- 
sponds to this particular repeating task and consider multi-robot missions specified 
by LTL formulae of the form 

(j) ■■=(pAGF7t, (2) 
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where (p can be any LTL formula over 17, and GFtt means that the proposition 
7t must be repeatedly satisfied. Our aim is to plan multi-robot paths that satisfy 
the mission (j) and minimize the maximum time in between successive satisfying 
instances of n. 

To state this problem formally, we assume that each run r, ~ q'f ,ql , . . . of T, 
(robot starts at f = and generates a word O), = (of, 0)/, . . . and a corresponding 
sequence of time instances T; := f?,f/ , . . . such that of = ^ (^f ) is satisfied at ff . To 
define the behavior of the team as a whole, we consider the sequences T, as sets and 
take the union (J/'li T,- and order this set in an ascending order to obtain the sequence 
T:=f°,fi,....Then, we define (Otemn = (i>tlam 1 ^leiim , ■ • • to be the word generated by 
the team of robots where Ci)i4„,„ is the union of all propositions satisfied at t^. Finally, 
we define the infinite sequence T'^ = T'^(1),T'^(2), . . . where T''{k) stands for the 
time instance when n is satisfied for the A;''' time by the team and define the cost 
function 

/(T'^) =limsup(T''(/+l)-T''(0). (3) 

Thus, the problem becomes that of finding an optimal run of the team that satisfies 
(j) and minimizes ([3]l. However, the non-determinism in travehng times imposes two 
additional difficulties which directly follow from Prop. 3.2 in lfT9l : First, if the trav- 
eling times observed during deployment deviate from those used in planning, then 
there exist missions that will be violated in the field. Second, the worst case perfor- 
mance of the robotic team during deployment in terms of Eq. |3] will be limited by 
that of a single member. 

To guarantee correctness in the field, and limit the deviation of the performance 
of the team from the planned optimal run during deployment, we propose peri- 
odic synchronization of the robots. Using this synchronization protocol, robots syn- 
chronize with each other according to pre-computed synchronization sequences 
Si,i = l,...,m as they execute their runs r,, ; = 1 , . . . , m in the field. We can now 
formulate the problem. 

Problem 1. Given a team of m robots modeled as transition systems T,, / = 1 , . . . , m, 
and an LTL formula over FI in the form (|2]i, synthesize individual runs r, and syn- 
chronization sequences Sj for each robot such that T'^ minimizes the cost function 
([3]l, and (bteanu i-e., the word observed in the field, satisfies ^. 

Note that, if we think of Wi{q,q') as independent random variables with expected 
value Wj{q,q'), then our objective in Prob.[T|is equivalent to minimizing the expected 
time between successive satisfactions of n while ensuring that (j) is never violated. 
Since (Oteam observed in the field is likely to be sub-optimal, we will also seek to 
bound the deviation from optimality in the field. As we consider LTL formulas con- 
taining GF;r, this optimization problem is always well-posed. 

Our solution to Problem[T]can be outlined as follows: 

1. We obtain the team transition system T that captures the joint asynchronous be- 
havior of the members of the team (See Sec. |4.1| i; 
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We find an optimal satisfying run r,*„,„ on T using the Optimal-Run al- 
gorithm we previously developed in lfT4l and obtain individual optimal runs 
rtJ= l,...,m(See Sec.lOi; 

1, 



We generate the synchronization sequences Si,i — 1 , . . . , m to guarantee correct- 
ness in the field and calculate an upper bound on the field value of the cost func- 
tion ([3| (See Sec.|43]i. 



4 Problem Solution 

In this section, we describe each step of our solution to Prob. [T] in detail with the 
help of a simple illustrative example. We present our experimental results in Sec. [5] 



4.1 Obtaining the Team Transition System 

In II20II . we showed that the joint asynchronous behavior of a robotic team modeled 
as m transition systems T,-,/ = l,...,m (Def. [T]) can be captured using a region au- 
tomaton. A region automaton, as given in the following definition from |19|, is a 
finite transition system that keeps track of the relative positions of the robots as they 
move asynchronously in the environment. 

Definition 4 (Region Automaton). The region automaton R is a TS (Def.[T]i R := 

,wr), where 

1. cSr is the set of states of the form {q, r) such that 

a. <7 is a tuple of state pairs {qiq\, . . . ,q,„q[ij) where the element qiq'^ is a 
source-target state pair from of T,- meaning robot / is currently on its way 
from qi to q'j, and 

b. r is a tuple of clock values {xi,. .. ,x,„) where the element denotes the time 
elapsed since robot / left state qi. 

2. q'^ C ^R is the set of initial states with r — (0, . . . , 0) and q — {q\q\ , q%q'm) 
such that q^l is the initial state of T, and {q^,q'i) G 5,. 

3. 5r is the transition relation such that a transition from {q,r) to {q" y) exists if 
and only if 

a. {qi,q'i), {q'i,q'i ) & 5; for all changed state pairs where the element q/q'^ in q 
changes to q'^q" in q', 

b. Wi{qi,q'j) — Xi of all changed state pairs are equal to each other and are strictly 
smaller than those of unchanged state pairs, and 

c. for all changed state pairs corresponding x'- in r' becomes x^j — O and aU other 
clock values in r are incremented by Wi{qi,q'^) — x,- in r'. 

4. Hr = U"ljn/ is the set of propositions; 
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5. .5fR : ,^R — > is a map giving the set of atomic propositions satisfied in a state. 
For a state {q,r), ^R{{q,r)) = U,|^.=o^(?i); 

6. vvr : 5r — > M>o is a map that assigns a non-negative weight to each transition 
such that WR{{q,r),{q\f^)) = Wi{qi,q'j) — xt for each state pair that has changed 
from qiq'- to c^-q'j with a corresponding clock value of jcj = in r'. 

Example 1. F/g. [7] illustrates the TS's of two robots that are expected to sat- 
isfy the mission (j) := G(pi X(^pi pg)) AGF;r, where FIi — {pi, ;r}, 172 = 
{p2, P3, 7t}, and n — {pi, p2, P3, n}. The region automaton R that models the 
robots is given in Fig. [2] 




Fig. 1 Figs, (a) and (b) show the transition systems Ti and T2 of two robots in an environment with 
three vertices. The states of the transition systems correspond to vertices {a, b, c} and the edges 
represent the motion capabilities of each robot. The weights of the edges represent the traveling 
times between any two vertices. The propositions pi,p2,p3 and K are shown next to the vertices 
where they can be satisfied by the robots. 



However, as a region automaton encodes the directions of travel of the robots as op- 
posed to their locations, it typically contains redundant states, and thus can typically 
be reduced to a smaller size. The following example illustrates this fact. 



1 




Fig. 2 The finite state region 
automaton capturing the joint 
behavior of two robots in 9 
states. In a circle representing 
a state (q, r), the first line is q 
and the second line is r. 



Example 1 Revisited. State {{ab, be), (0,0)) of the region automaton R given in 
Fig.^is equivalent to the state {{ab,ba), (0,0)) in the sense that both robots satisfy 
the same propositions and the positions of both robots are the same at both states. 
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i.e., robot 1 is at a and robot 2 is at b. These two states differ only in the future 
direction of travel of the second robot, i.e., robot 2 travels towards c in the first 
state whereas it travels towards a in the second state. This information, however, is 
redundant as it can be obtained just by looking at the next state of the team in any 
given run. 

Motivated by this observation, we define a binary relation i% to reduce the region 
automaton R to a smaller team transition system T. 

Deflnition 5 (Binary Relation M). Binary relation ^ = {{s,t)\s e ^r, t e ^j} is 
a mapping between the states of R and T that maps a state s — {{qiq'^,... ,q,nq',„), 
{xi,.. . ,x,n)) in J2r to a state t = (ft, . . .,?,„) in =St, where f,- = qi if x; — and 
ti = qiq'iXi if Xi > 0. Note that, Xj = for at least one / G {1, . . . ,m}. We refer to a 
state ti e .^T of the form as a traveling state as it captures the instant where 
robot / has traveled from ^, to q'- for Xi time units. 

Given a region automaton R, we can obtain the corresponding team transition 
system T using the binary relation and the following procedure. 

Procedure 1 (Obtaining T from R) Using we construct the team transition sys- 
tem 'Y from the region automaton R as follows: 

1. For each s G =Sr we define the corresponding t G =St as given in Def. ^such that 

{s,t)eM. 

2. We set ^t(0 = -S^rI*)- Note that, each s that corresponds to a given t has the 
same set of propositions due to the way R is constructed (Def.^ i20J. 

3. For each s corresponding to a given t, we define the corresponding transitions 
originating from t in T such that 3{t,t') G 5rV(i,i') G 5r where {s,t) G ^ and 

{s',t')e^. 

4. We mark a state t in JSj as the initial state of T ;/ the corresponding s is an 
initial state in i?R. Note that, all states that correspond to a given t are either in 
q'^ altogether or none of them are in q^. 

The following proposition shows that the team transition system T obtained us- 
ing Proc.[T]and the corresponding region automaton R are bisimulation equivalent, 
i.e., there exists a binary relation between the states and the transitions of R and T 
such that they behave in the same way [ 1 1. 

Proposition 1 (Bisimulation Equivalence). The team transition system T obtained 
using Proc.^and the region automaton R are bisimulation equivalent, i.e., R ^ T, 
and Si is a bisimulation relation for R and T. 

Proof. In the following, we use Post to denote the set of states that can be reached 
from state s after taking a single transition out of s. For any (s,/) G M where 
5 G ^R and f G ^t, it holds that I£{s) = I£{t). Furthermore, for any (s,f) G ^ 
it also holds by construction that \ls' G Post{s),'3t' G Post(f)\(s' ,t') G Si and Vf' G 
foif (f),3i' G Post{s)\{s' ,t') G Si. Finally, we also have Vi G q'r, 3f G ct^\{s,t) G Si 
and Vf G g'^,3i G ^^|(i,f) G Therefore, R and T are bisimulation equivalent, 
i.e., R ^ T, and S^ is a bisimulation relation for R and T. ■ 
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Example 1 Revisited. Using ^ we construct T (Fig. [ij that captures the joint 
asynchronous behavior of the team in 6 states whereas the corresponding region 
automaton R had 9 states. A state labeled {a,b) means robot 1 is at region a and 
robot 2 is at region b, whereas a state labeled (bal, c) means robot 1 traveled from 
b to a for 1 time unit and robot 2 is at c. 



Fig. 3 The team transition 
system capturing the joint 
behavior of two robots in 6 
states. 

In II20II we showed that the number of states |^r| of the region automaton R that 
models the m TS s T,- , / = 1 , . . . , m is bounded by (n;i 1 1 5; | ) (D"! 1 " 11" 1 ( W'; - 1 ) ) , 
where | is the number of transitions in the TS T, of robot / and W, is maximum 
weight of any transition in T,. The following proposition provides a bound on the 
number of states |=St| of T and shows that it is indeed significantly smaller than the 
bound on |,^r|. 

Proposition 2. The number of states |=St| o/T is bounded by 

m m 

X{m+{w-i)Y\\5^\ (4) 

(=1 1=1 

where W is the largest edge weight in all TS's. 

Proof. The first term in Q is the maximum number of states that we can have in the 
Cartesian product of 7],/ = 1, . . . ,m. The second term in Q is an upper-bound on 
the number of traveling states (Def [5]l that we can define as we construct T. Here, 
H/'li is the maximum number of transitions that we can have in the Cartesian 
product of T,s and (W — 1 ) is the upper bound on the number of new traveling states 
per transition. Thus, |^t| is bounded by the sum of these two terms as given in (|4]). 
■ 

Finally, we note that the states of T corresponds to the instants where at least one 
member of the team has completed a transition in its individual TS and is currently at 
a vertex while other robots may still be traveling. Using this fact, one can construct T 
directly by using a depth first search that runs in parallel on the TS's of the individual 
members of the team as given in Alg. [T| 

Alg. [T] is essentially a recursive depth first search (lines 4 - 17) that starts at 
the initial state of the team transition system T (line 3). The initial state of T 
is defined as the tuple of the initial states of the m T,s (line 2). Given a state q of 
T, the function df sT first generates all possible tuples of transitions that can be 
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Algorithm 1: Construct-Team-TS 



Input: (Ti,...,T„). 

Output: Corresponding team transition system T. 

1 qj := {{j^j, . . . , q1,), where q*^ is the initial state of T,-. 

2 dfsT(^O). 



3 Function dfsT(state tuple q 6 Sj) 



4 q\i] is the element of state tuple q 6 i?x- 

5 f, is a transition of T,-, i = 1 , . . . , m, such that f, S { [q[i\ ,q'j)\ [q[i\ ,q'j) 6 5,} if q[i] 6 JS/. Else if 
?H = then f, = (qi,q'i). 

6 r := (fi , . . . ,f„,) is a tuple of such transitions. 

7 ,9' is the set of all such transition tuples at q. 

8 foreach transition tuple T e £^ do 

9 
10 
11 
12 
13 
14 
15 



16 
17 



w Shortest time until a robot is at a vertex while the ti'ansitions in T are being taken. 
Find the q' that corresponds to this new state of the team using 
if <?' ^ then 
Add state q' to ^j. 

Setif(g') = u,|,[,],^,i^'(^H). 

Add {q, q') to &Y with weight w. 
Continue search from q': dfsT{q'). 

else if [q.q') ^ &T then 
I^Add (17, q') to &Y with weight w. 



taken at the current states of the m TSs (Hnes 4 - 7). The current state of TS T, is 
given by the element of the current state q of the T. At line 5 of Alg. [I] we 
consider all possible transitions out of the current states of all TSs T, , / = 1 , . . . , m. If 
q\i] £ i.e., q[i] is a regular state of T,, then all transitions going out of this state 
in T,- will be considered in the transition tuples that we will construct. Else, q[i] is 
a traveling state of T, of the form qtq'iXi, and the only transition that can be taken is 
the one that is being taken, i.e., the transition from ^, to q'j. Then, we construct the 
set of all possible tuples of transitions that can be taken at the current states of the 
m TSs (lines 6-7) and process each tuple one by one (lines 8-17). In a transition 
tuple T, the element gives the transition that can be taken at the current state of 
T,-. In lines 9-10, we find the next instant where at least one transition in T has been 
completed and the next state q' of T that has been reached. If q' is a new state (lines 
1 1 - 15), we accordingly add it to £ii and define its propositions. Then, we add the 
transition that has just been completed to &y and continue our search from this new 
state q' . Else, we add the transition that has just been completed to §r if required and 
proceed to the next transition tuple in 5^. The algorithm concludes when all states 
and transitions of T have been discovered. 

Remark 2 (Comparison with Naive Construction). One can avoid going through 
Alg. [7] ant/ capture the joint behavior of the team by discretizing each transition in 
T,-,/ ~ 1, . . . ,m to unit-length edges and taking the synchronous product of these 
m T; 's. This approach, however, yields a much larger model whose state count is 
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bounded by 

f{[m+ E W,{q,q')^\8A. 
'=1 V {q4)e5, J 

For the case where we have m identical robots in an environment with Q vertices, A 
edges and a uniform edge weight ofW, the above given bound is 0{{Q + AWY"), 
whereas the bound given by Prop, ^is 0{Q"' + A"W). 



4.2 Obtaining Optimal Satisfying Runs and Transition Systems 
with Traveling States 

After constructing T that models the team, we use Alg. Optimal-Run from lfT4l 
to obtain an optimal run r*p„„j on T that minimizes the cost function ([3]l. The optimal 
run r*g^,„, is always in prefix-suffix form, consisting of a finite sequence of states of 
T (prefix), followed by infinite repetitions of another finite sequence of states of T 
(suffix) as given in Def.|3] 

Example 1 Revisited. For the example we have shown, running Alg. Optimal- 
RUN i lT?!/ on T given in Fig. ^or the formula = G(pi X(^pi ps)) A GFn 
results in the optimal run 



T 


2 


3 


4 


5 


6 


^team 


a,a b,b 


bal.c 


a.b 


abl,c 


b.b 




pi,P2,^ 


P3 




P3 


Pi,P2,;r ... 



where the first row shows when transitions occur, the second row corresponds the 
run r*g„,„, and the last row shows the satisfying atomic propositions. For this run, 
{a, a), {b,b) is the finite prefix and {bal,c), {a,b), {abl,c), {b,b) is the suffix cycle, 
which will be repeated infinite number of times. Also, the time sequence of sat- 
isfaction of K is — 2,4,6,8, . . . and the cost as defined in (|3]l is J{T^) = 2. 

Since T captures the asynchronous motion of the robots, the optimal satisfying run 
'"ream T Contain some traveling states which do not appear in the individual 
TSs T,-,/ = !,...,;« that we started with. But we cannot ignore such traveling states 
either, as each one of them is a candidate synchronization point for the correspond- 



ing robot as we discuss in Sec. 4.3 Instead, we insert those traveling states into the 
run r(*^„„ and the individual TSs so that the robots will be able to synchronize with 
each other at those points if needed. In the following, we use q'^[i] to denote the i''' 
element of the state tuple in which is also the state of robot ; at that position 
of r*^„,„. As given in Def p] a traveling state of robot / has the form qtq'jXi. First, we 
construct the set = {(f[i\ \ q'^[i\ — qiq'-Xi\/k,i} of all traveling states that appear 
in r*gQ„,. Then, we check each pair q'^\i\q'^^^ [/] in r,*„„j for all / and k to see if the 
corresponding transition skips any of the traveling states in In between all those 
pairs that skip some traveling state in 5^, we insert a new state tuple q"™ consisting 
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of the appropriate traveling states. Notice that, some elements of q""^' may not be in 
=5^. If there are any such new traveling states, we add them to the set ,5^ and repeat 
until the set ,9' stops changing. Next, we add each traveling state in 5'' to its corre- 
sponding TS T, . Then, we break the weight of the corresponding original transition 
from qi to q\ into segments so that robot ; visits the new traveling states of the form 
qiq^Xi Xi time-units after leaving qi for q'j. Finally, using the following definition, we 
project the optimal satisfying run r*j,„„j down to individual robots T,, / = 1, ... ,m to 
obtain individual optimal satisfying runs r*,/ = l,...,m. 

Definition 6 (Projection of a Run on T to T,'s). Given a run r,ea„, on T where 
'"ream = ■ we define its projection on T, as run r,- = ?f , ■ ■ ■ for all / — 

1, . . . ,m, such that such that q^ = ^*[/] where ^*^[/] is the element of tuple q''. 

It can be easily seen that the set of runs r,-, / = 1 , . . . , m obtained from r,(.a„, using 
Def.|6]and the run rteam on T indeed correspond to each other: The projection given 
in Def.[6]simply breaks down a sequence of tuples of states into a tuple of sequences 
of states, while preserving the order of the states. Thus, the word co and the time 
sequence T generated by r,-, / = 1, . . . ,ot are exactly the word COtemn and the time 
sequence T,g„,„ generated by r,i,am- Moreover, if run rteam is in prefix-suffix form, 
all individual runs r, projected from rteam are also in prefix-suffix form. Therefore, 
the individual runs projected from the optimal run rteam are always in prefix-suffix 
form. 

Fig. 4 Figs, (a) and (b) show 
the TSs with new traveling 
states that correspond to the 
optimal run r*j„„, that we 
computed for Ex. 1 . The new 
traveling states abl and bai 
of the TSs are highlighted in 
blue. 




Example 1 Revisited. For this example, after inserting the traveling states to rfg 
we have 



T 





1 


2 


3 


4 


5 


6 


learn 


a, a 


abl, abl 


b,b 


bal.c 


a,b 


abl,c 


b,b 


^t(-) 










P3 


P2,7t 


P3 


Pl,P2.7r ... 



Fig.^illustrates the corresponding TSs with new traveling states abl and ba\ high- 
lighted in blue. For the optimal run r*eam obtained for this example, we have runs 
of individual robots from Def^as r\ ~ a,abl,b,bal,a,abl,b,bal, a,abl,... and 
= a,abl,b,c,b,c,b,c,b,c, . . .. 
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4.3 Guaranteeing Correctness through Synchronization and the 
Optimality Bound 

As the robots execute their infinite runs in the field, they synchronize with each 
other according to the synchronization sequences that we generate using Alg. [2] 
The synchronization sequence of robot / is an infinite sequence of pairs of sets. 
The element of i,-, denoted by , corresponds to the k''^ element of r*. Each 
is a tuple of two sets of robots: sf = (sf , „„„y3.), where sf and if are the 

wait-set and notify-set of sf , respectively. The wait-set of if is the set of robots that 
robot / must wait for at state ^f before satisfying its propositions and proceeding to 
the next state ^f^' in r*. The notify-set of s\ is the set of robots that robot / must 



notify as soon as it reaches state g'f . As we discussed earlier in Sec. 4.2 the optimal 
run r,*^,„, of the team and the individual optimal runs r*,/ = 1, . . . ,m of the robots 
are always in prefix-suffix form (Def.|3]l. Consequently, individual synchronization 
sequences Si of the robots are also in prefix-suffix form. 



Algorithm 2: Sync-Seq 



,r* }, Biichi automaton B^^ that 



1 

2 
3 
4 

5 
6 
7 
8 
9 
10 
11 
12 
13 
14 



Input: Individual optimal runs of the robots {rj, . 

corresponds to -k/). 
Output: Synchronization sequence for each robot {^i , . 

,y = {l,...,m}. 

beg <— beginning of suffix cycle. 

end <— end of suffix cycle. 

Initialize each .s, so that all robots wait for and notify each other at every position of their 
runs. 

foreach k= 1 , . . . , end do 
foreach i e do 

ifk^i and k ^ beg then 
foreach j e J'\iAo 
Remove; from 
Remove i from „„„y,,. 

Construct the TS W that generates every possible cbteam- 
if the language o/B^^ x W is not empty then 
Addibackto4„,„,.,. 
Add / back to j,,^,;,. 



15 Rest of each i, is an infinite repetition of its suffix-cycle, i.e. s- 



beg 



Alg. |2] is essentially a loop (lines 5 - 14) that computes wait-sets and notify- 
sets for each position of the runs of the robots to guarantee correctness in the field. 
Initially, synchronization sequences are set so that the robots wait for and notify all 
other robots at every position of their runs (line 4). At line 7 of Alg.|2] if k is the first 
position of the runs, we do not modify this initial value of .sf . This ensures that all 
robots start executing their runs in a synchronized way. Also, if k is the beginning of 
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the suffix cycle, we again keep this initial value of if so that all robots synchronize 
with each other globally at the beginning of each suffix cycle. This lets us define 
a bound on optimality, i.e., the value of the cost function ^ observed in the field, 
as given in Prop. |3] For all other positions of the runs, we try to shrink the wait- 
set and notify-set of each sf so that communication effort is reduced while we can 
still guarantee correctness in the field (lines 9 - 14). To this end, we consider each 
one of the robots in robot fs k'^' wait-set, i.e., one by one. After removing 

some robot j from the ^1^° remove robot / from „otify accordingly (lines 

10-12). Then, given the p, and pi values of the robots, we construct the TS W 
that generates all possible words (Oteam that can be observed in the field due to the 
uncertainties in the traveling times. Next, we check if the language of the product 
B^,j, X W is empty or not, where B^,j, is the Biichi automaton corresponding to the 
negation of the LTL formula (line 12). If the language of the product is empty, then 
robot / indeed does not need to wait for robot j at the k''' position of its run. Thus, 
we keep the new values of .sfj^.^j, and «^„o„yy- Else, we restore sfj^,„„ and notify-set 
of notify to their previous values (lines 13-14) and proceed with the next robot in 

^'iwaif Once every robot in if,„„, is considered, we proceed with the next robot in 
the team, and eventually next position of the run. Notice that, the synchronization 
sequences generated by Alg.|2]are free from any dead-locks as lines 9 - 10, and lines 
13-14 ensure that if some robot / waits for robot j at position k, then robot j notifies 
robot / at position k, i.e., j G ^f^^,^^;, ■^=> / e s'^j „„iify V i^i^k. As the synchronization 
sequences of the robots are in prefix-suffix form and the robots synchronize with 
each other globally at the beginning of each suffix (line 8), at line 15, we define the 
rest of each synchronization sequence as an infinite repetition of its first suffix-cycle 
that we have just generated. For a prefix of length p and a suffix cycle of length s, 
the complexity of Alg. |2]is 0{{p + s)m^L) where m is the number of robots and L 
is the complexity of constructing W x B^^ and checking emptiness of its language 
at each iteration. The synchronization protocol that the robots follow in the field is 
given in Alg. [3] 



Algorithm 3: Sync-Run 

Input: The run r, and synchronization sequence Sj of robot i . 

1 k-i-O. 

2 while True do 

3 Notify all robots in .sf„„„y,,- 

4 Wait until notification messages of all robots in s'^,..,,:, are received. 

5 Make transition to r*^' after satisfying the propositions at ij. 

6 k-i-k+l. 



The following proposition sUghtly extends the result of Prop. 4.5 in lfT9l by con- 
sidering unequal lower and upper deviation values. 
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Proposition 3. Suppose that each robot's deviation values are bounded by p and ~p 
where p > p > (i.e., p, > p and pi <p for all robots i), and let JiT^) be the cost 
of the planned robot paths. Then, if the robots follow the protocol given in Alg. ^the 
field value of the cost satisfies 

J{f^)<J{T'')p+d,,{p-p) 

where ds is the planned duration of the suffix cycle. 



Example 1 Revisited. For the example we have shown throughout this section, we 
obtain the following individual optimal runs and synchronization sequences. 



T 





2 


3 


4 


5 


6 


r\ 




b 


bal 


a 


abl 


b 


S\ 


({2M2}) 


({},{}) 


({2}, {2}) 


({},{}) 


({},{}) 


({},{}) ■■■ 


^i(-) 












Pi, 7!^ 


r*! 




b 




b 




b 


S2 


({iMi}) 


({},{}) 


({IMI}) 


({},{}) 


{{},{}) 


({},{}) ••■ 


^2{.) 






P3 




P3 


P2,?!^ 



In a line corresponding to a synchronization sequence s,-, first and second elements 
of the tuple at position k are '^^'^ ^'i notify respectively. 

We finally summarize our approach in Alg.|4]and show that this algorithm indeed 
solves Prob. [T] 

Proposition 4. Alg. ^solves Prob. [7] 

Proof. Note that Alg. |4] combines all steps outlined in this section. The planned 
word OJteam generated by the entire team satisfies ^, and minimizes (|3]l, as shown in 
lfT4l . The synchronization sequences guarantee correctness in the field by ensuring 
that the (bteam generated in the field never violates for given deviation values. 
Therefore, {r*,...,r*} and as obtained from Alg. |4]is a solution to 

Prob.[T] ■ 



Algorithm 4: Robust-Multi-Robot-Optimal-Run 

Input: m T, 's, corresponding deviation values, and a global LTL specification ^ of the forni 

Output: A set of optimal runs {r\, . . . , r* } that satisfies and minimizes |3J, a set of 

synchronization sequences {.si, . . . ,s„,} that guarantees correctness in the field, and 
the bound on the performance of the team in the field. 

1 Construct the team transition system T using Alg. ^ 

2 Find an optimal run r*„„, on T using Optimal-Run 1114), 

3 Insert new traveling states to TSs according to rj,^„„ (See. Sec. ' 

4 Obtain individual mns {r^ . . . , r* } using Def.l6l 

5 Generate synchronization sequences {s\ .... ,^^3 using Sync-Seq (AIg.|2|. 

6 Find the bound on optimality as given in Prop, pi 



4.2 1. 
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5 Implementation and Case-Study 



We implemented Alg. |4] as a python module and used it to plan optimal satisfy- 
ing paths and synchronization sequences for the scenario that we consider in this 
section. Our experimental platform (Fig. 5(a) i is a road network comprising roads, 
intersections and task locations. Fig. 5(b) illustrates the model that captures the mo- 



tion of the robots on this platform, where 1 time unit corresponds to 1.574 seconds. 




J Fig. 5 Fig. (a) shows our 
(15) experimental platform. The 
squares and the circles on 
the trajectories of the robots 
represent the beginning of 
the suftix cycle and sync. 
i»i(i2) points, respectively. Fig. (b) 
ti illustrates the TS that models 
the robots. The green and red 
regions are data gather and 
upload locations, respectively. 



In our experiments, we consider a persistent surveillance task involving two 
robots with deviation values pT = P2 = 105 and p\ — P2 — 0.95. The building in 
the middle of the platform in Fig. |5(a)| is our surveillance target. We define the 
set of propositions U = {RlGatherlS, RlGather20, R2Gatherl8, R2Gather20, 
RlGather, R2Gather, RlUpload, R2Upload, Gather} and assign them as (18) 
= {RlGatherlS, RlGather, Gather}, ^9(18) = {R2Gatherl8, R2Gather, 
Gather}, ifi (20) = {RlGather20, RlGather, Gather}, if2(20) = {R2Gather20, 
R2Gather, Gather}, ^i(22) = {RlUpload} and ^2(22) = {R2Upload}. The 
main objective is to keep gathering data while minimizing the maximum time be- 
tween successive gathers. We require the robots to gather data in a synchronous 
manner at data gather locations 18 and 20 while ensuring that they do not gather 
data at the same place at the same time. We also require the robots to upload their 
data at upload location 22 before their next data gather. We express these require- 
ments in LTL in the form of ([2| as 

<p =G (Rlgather ^ X(^Rlgather Rlupload)) A G (R2gather ^ 
X(^R2gather ^ R2tipload)) A G ((RlGatherlS ^ R2Gather20)A 
(Rlgather20 => R2gatherlS) A (R2gatherlS Rlgather20)A 
(R2gather20 => RlgatherlS)) A GF Gather, 



where Gather is set as the optimizing proposition. 

Fig. 5(a) illustrates the solution we obtain using our algorithm. Using an iMac 15 
quad-core computer, it took our implementation 10 minutes to compute the optimal 
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runs and synchronization sequences of the robots. The planned value of the cost 
function was 44.072 seconds (28 time units) with an upper bound of 50.683 seconds 
(32.2 time units) seconds. We deployed our robots in our experimental platform to 
demonstrate and verify the result. The maximum time between any two successive 
data uploads was measured to be 48 seconds. The video available at |htt.p : 1 1\ 
[hyness . bu . edu/dars_2 012 . mo V| demonstrates the execution of this run by 
the robots. 



6 Conclusion 

In this paper we presented an automated method for planning optimal paths for a 
robotic team subject to temporal logic constraints expressed in LTL. The robots 
that we consider have bounded non-deterministic traveling times characterized by 
robot specific deviation values. We first compute a set of optimal satisfying paths 
for the members of the team. Then, leveraging the communication capabilities of 
the robots, we also compute a set of synchronization sequences for each robot to 
ensure that the LTL formula is never violated during deployment. Our experiments 
show that our method has practical value in scenarios where the traveUng times of 
the robots during deployment deviate from those used in planning. 
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